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« The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 



- Extensions of time may be available under the provisions of 37 CFR 1 .136(a), In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)K Responsive to communication(s) filed on 19 July 2007 . 
2a)KI This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-55 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-55 is/are rejected. 

7) Q Claim(s) is/are objected to. 

8) Q Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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2) CD Notice of DraftspersoiVs Patent Drawing Review (PTO-948) 
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DETAILED ACTION 



1. 



Claims 31,43, and 52 have been amended. 



2. 



Claims 1-55 are pending. 



Response to Arguments 



3. Applicant's arguments filed 19 July 2007 have been fully considered but they are 
not persuasive. 

4. Referring to the rejection of claim 1 , the Applicant contends that the prior art 
(Asad et al.) does not disclose, suggest, nor teach a user-name addressable entity 
mapping. The Examiner respectfully disagrees and asserts that in response to 
applicant's arguments against the references individually, one cannot show 
nonobviousness by attacking references individually where the rejections are based on 
combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 (CCPA 
1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 

Furthermore, on page 4 of the Office Action dated 3/22/2007, the Examiner has 
acknowledged that Asad et al. clearly does not disclose this feature, however, that is the 
purpose of a 103 rejection. Asad et al. in combination with Ramsdell and UniCERT 
discloses the feature of a user-name addressable entity mapping wherein obtaining 
from a user name-addressable entity mapping a respective addressable entity 
comprises obtaining a respective addressable entity from a respective certificate stored 
in a repository of published certificates (See Ramsdell, page 6, first full paragraph and 
UniCERT, page 2, paragraph entitled "Certificate Rollover") 
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5. Referring to the rejection of claim 1 , the Applicant contends that the prior art 
(Ramsdell) does not disclose, suggest, nor teach a record-user mapping and user 
name-addressable entity mapping. The Examiner respectfully disagrees and asserts 
that it is clearly shown on page 6 of the Office Action dated 3/22/2007, maintaining the 
user name-addressable entity mapping from each user name to the respective 
addressable entity (See Ramsdell, page 5, Section 3) 

6. Referring to the rejection of claim 20, the Applicant contends that the prior art 
(Asad et al.) does not disclose, suggest, nor teach a target audit record processing for 
each identifier. The Examiner respectfully disagrees and asserts that Asad et al. 
discloses an apparatus and method for protecting against data tampering in audit 
subsystem, for creating and verifying audit logs in a relational database without 
compromising the ability to detect data tampering in a data processing system, wherein 
identifying at least one record identifier for which target audit record processing is to be 
performed, the target audit record processing comprising (See Asad et al., Column 8, 
lines 53-67, Column 9, lines 1-27) 

7. Therefore, the rejection of claims 1-55 are maintained in view of the reasons 
above and in view of the reasons below. 

Specification 

8. Applicant is reminded of the proper language and format for an abstract of the 
disclosure. 

The abstract should be in narrative form and generally limited to a single 
paragraph on a separate sheet within the range of 50 to 1 50 words. It is important that 
the abstract not exceed 150 words in length since the space provided for the abstract 
on the computer tape used by the printer is limited. The form and legal phraseology 
often used in patent claims, such as "means" and "said," should be avoided. The 
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abstract should describe the disclosure sufficiently to assist readers in deciding whether 
there is a need for consulting the full patent text for details. 

The language should be clear and concise and should not repeat information 
given in the title. It should avoid using phrases which can be implied, such as, "The 
disclosure concerns; 1 "The disclosure defined by this invention," "The disclosure 
describes," etc. 

9. The abstract is more than the recommended 50 to 150 words in length. 
Appropriate correction is suggested. 

10. Applicant contends that an amended Abstract was submitted on January 5,2005. 

1 1 . However, this application does not contain an amended abstract of the disclosure 
as required by 37 CFR 1.72(b). An abstract on a separate sheet is required. 

Claim Rejections - 35 USC §112 

12. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

13. Claims 8,9,28, and 29 are rejected under 35 U.S.C. 112, second paragraph, as 
being indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. The claim language is vague and indefinite: "in 
accordance with X.500". 

Claim Rejections - 35 USC § 103 

14. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
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15. Claims 1-7,10-11,13-27,30,32-42,44-51, and 53-55 are rejected under 35 U.S.C. 
103(a) as being unpatentable over Asad et al. (US Patent No. 6,725,240) in view of 
Ramsdell "S/MIME Version 3 Certificate Handling" and in view of "UniCERT| Policy 
Support: Operational Controls. 

Regarding claims 1,37, and 46, Asad et al. discloses the invention substantially 
as claimed because Asad et al. teaches an apparatus and method for protecting against 
data tampering in audit subsystem, for creating and verifying audit logs in a relational 
database without compromising the ability to detect data tampering in a data processing 
system. Asad et al. does not disclose a record-user mapping or user-name addressable 
entity mapping. Asad et al. does not disclose maintaining a database having entries for 
all contact points for a certificate nor does Asad et al. disclose remote notification for 
each record that is to be performed. 

However, Ramsdell "S/MIME Version 3 Certificate Handling" teaches and 
suggest setting up a certificate database in its simplest form to a particular user and a 
certificate database would function in a similar way as an address book. (See page 6, 
first full paragraph) Ramsdell teaches and suggests a database containing contact 
information for each certificate. Ramsdell further teaches and suggests the alternative 
name extension used in the S/MIME as the preferred means to convey the RFC-822 
email address (es) that correspond to the entity for this certificate. (See page 9, Section 
4.4.3) Ramsdell teaches and suggests that the contact information could be one or 
more email addresses corresponding to the certificate entity (e.g. owner (s)). Finally, 
Ramsdell teaches and suggests when processing certificates, there may be situations 
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where the processing software should take immediate and noticeable steps to inform 
the end user about it (See page 10, first paragraph). Thus, although not directed to an 
audit, Ramsdell does teach and suggest that the "end user" be notified if problems with 
the certificate are discovered. (See page 10, first paragraph) 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to have Asad et al. implement data tampering in addition to the 
audit system according to the S/MIME standards, thereby allowing the remote 
notification of records to be discovered by the end users. (See page 10, first paragraph) 

The combination of Asad et al. in view S/MIME does not teach the remote 
notification of an event by sending an email to all contact points notifying the owner(s) of 
an event. 

"UniCERT | Policy Support : Operational Controls" teaches that when a certificate 
reaches the end of its validity period, it can no longer be validated. The subject needs a 
new certificate, or at a minimum should be informed that their certificate has expired 
and they should apply for a new certificate. An email message to be sent to the end 
user, a configurable number of days before the certificate expires (Page 2, paragraph 
entitled "Certificate Rollover") Thus, UniCERT specifically teaches and suggest the 
remote notification of a certificate event. 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine UNiCERT and Ramsdell with Asad et al.'s teaching 
wherein the remote notification via email address(es) obtained from a certificate 
address book is sent to all recorded owners/aliases. 
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As per claims 2,21,38, and 48, the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein maintaining the user name- 
addressable entity mapping from each user name to the respective addressable entity 
(See Ramsdell, page 5, Section 3) 

As per claims 3 and 22, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein the user name-addressable entity 
mapping is a trusted mapping (See Ramsdell, page 6, first full paragraph) 

As per claims 4,23,39, and 49, the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein perform remote notification of 
records generated by a certificate management system, wherein obtaining from a user 
name-addressable entity mapping a respective addressable entity comprises obtaining 
a respective addressable entity from a respective certificate stored in a repository of 
published certificates (See Ramsdell, page 6, first full paragraph and UniCERT, page 2, 
paragraph entitled "Certificate Rollover") 

As per claims 13 and 32, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein storing record reading parameters 
(API) which determine circumstances under which the new set of records for processing 
is to be obtained, and obtaining the new set of records for processing in accordance 
with the record reading parameters (See Asad et al., Column 7, lines 4-10) 

As per claims 18,19, 20, 44, and 45, the combination of Asad et al. in view of 
Ramsdell and UniCERT) discloses the claimed limitation wherein: 
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identifying at least one record identifier for which target audit record processing is 
to be performed, the target audit record processing comprising (See Asad et al., 
Column 8, lines 53-67, Column 9, lines 1-27) 

for each record identifier for which target audit record processing is to be 
performed reading from the associated record a target user name, obtaining from the 
user name-addressable entity mapping a respective addressable entity for the target 
user name and sending a notification of the record to the addressable entity (See 
Ramsdell, page 5, Section 3) 

As per claims 5,24,40, and 50, the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein the certificate management 
system comprises a PKI (Public Key Infrastructure) (See Ramsdell, page 1, Section 1) 

As per claims 6,25,26,41, and 47, the combination of Asad et al. in view of 
Ramsdell and UniCERT) discloses the claimed limitation wherein maintaining the 
repository of published certificates in which is stored for each of a plurality of a user 
names the respective certificate in which is identified the respective addressable entity 
(See Ramsdell, page 6, first full paragraph) 

As per claims 7,27,42, and 51 , the combination of Asad et al. in view of Ramsdell 
and UniCERT) discloses the claimed limitation wherein the addressable entity is an E- 
mail address (See Ramsdell, page 5, Section 3) 

As per claim 10, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein each certificate storing the 
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respective addressable entity in a certificate extension field of the certificate (See 
Ramsdell, page 9, Section 4.4.2) 

As per claims 1 1 and 30, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein storing the respective addressable 
entity in a certificate extension field of the certificate comprises storing the respective 
addressable entity in a subject alternative name extension (See Ramsdell, page 9, 
Section 4.4.3) 

As per claims 14,15,33 and 34, the combination of Asad et al. in view of 
Ramsdell and UniCERT) discloses the claimed limitation wherein comprising protecting 
each notification message by encryption and/or digital signature (See Ramsdell, page 7, 
Section 4.2) 

As per claims 16 and 35, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein verifying authenticity of the 
respective certificate before sending the notification to the addressable entity obtained 
from the respective certificate (See UniCERT, page 2, paragraph entitled "Certificate 
Rollover") 

As per claims 17 and 36, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein maintaining an identification of a 
language of choice for each user name, before sending a notification to an addressable 
entity obtained for a particular user name, determining the particular user name's 
language of choice and including a translation of text in the notification message into the 
language of choice (See Ramsdell, page 5, Section 3) 



Application/Control Number: 09/730,547 Page 10 

Art Unit: 2137 

As per claims 53,54, 55, the combination of Asad et al. in view of Ramsdell and 
UniCERT) discloses the claimed limitation wherein instructions stored thereon for 
instructing a processing platform to implement a method (See Asad et al., Column 12, 
lines 17-24) 

Conclusion 

1 . THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Courtney D. Fields whose telephone number is 571- 
272-3871 . The examiner can normally be reached on Mon - Thurs. 6:00 - 4:00 pm; off 
every Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on 571-272-3865. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




September 28, 2007 



EMAAANUELLMOISE 
SUPERVISORY PATENT EXAMINER 




